[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    [Samba] Workstation AD members failing DNS updates - and worse!
From:       Michael A Weber via samba <samba () lists ! samba ! org>
Date:       2016-09-30 18:27:36
Message-ID: F625CC49-8F16-49E1-A8E9-361B816B5CAF () gmail ! com
[Download RAW message or body]

Greetings, everyone.

I have Samba 4.4.5, built from source on CentOS 6.8 using Bind 9.8.2 and configured \
in the last couple months.  It's in place and functioning, but I'm having a few \
issues I'm trying to iron out.

First, the workstations added to the AD domain are not able to make DNS updates if \
the IP address changes after the domain join.  However, at the time of the AD join, \
the DNS entries were created successfully.

This, however, is now a secondary problem as I have a new, potentially larger issue \
that I cannot identify its cause and I believe needs to be addressed before we get \
workstations updating DNS entries.

When I was configuring everything, I tested the DNS configuration and managed to iron \
out all the SELinux problems with samba_dnsupdate —verbose —all-names, and that \
did function correctly…

…but now if I run it, it is failing.

27 updates it wants to perform, and all 27 fail with similar (this is sanitized):

27 DNS updates and 0 DNS deletes needed
update(nsupdate): A addc.domain2.domain1.tld 192.168.237.21
Calling nsupdate for A addc.domain2.domain1.tld 192.168.237.21 (add)
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
addc.domain2.domain1.tld. 900 IN	A	192.168.237.21

update failed: NOTAUTH
Failed nsupdate: 2

I've googled the NOTAUTH errors but cannot find anything particular to my system \
which may be the cause, I've gone back and verified all my configuration information \
is seemingly correct per the wiki pages, checked permissions on needed .keytab and \
.conf files, checked logs for any SELinux errors, and nothing.  I can't figure out \
what I may have changed which made my working configuration stop working.

So, I'd like to get this working first and then try to get the workstation DNS \
updates functioning, too.

Any ideas?  I'm completely lost (or, looking at things for so many hours have glossed \
over my poor eyes and I just can't see what is the problem).

Best,
Mike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[prev in list] [next in list] [prev in thread] [next in thread]